1570f0930438ccf87c5e467cb90e224f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1570f0930438ccf87c5e467cb90e224f_JaffaCakes118
Size

428KB
MD5

1570f0930438ccf87c5e467cb90e224f
SHA1

550124d9cbd054c5d8ef6ae278c18ea4f77abe3e
SHA256

6788f7da34cffd2bb4003e0f5207c7cc1c410a63bf975f0fbe938f3e77c929ac
SHA512

f8a6c0b86353c7e37f87101c3c856188127b019557515be9cbbb27c1c9de80e9b8d9763143b170accc748bfa46ffe5ef343dd8309c008f0a3b1e42b7b09a4df4
SSDEEP

6144:uPQNwLiD281b9yCKahmb4KZol6UFk0O5eQueunp:uPQjD281b9yUm8XlSJe91

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1570f0930438ccf87c5e467cb90e224f_JaffaCakes118

Files

1570f0930438ccf87c5e467cb90e224f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fd7108d9efc9959d041856844d51abd4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\sogouime32\Bin\SogouInput\ImeUtil.pdb

Imports

imm32

ImmDisableIME

kernel32

OpenEventW
CloseHandle
CreateProcessW
GetLastError
Sleep
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetDriveTypeA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
LoadLibraryW
DeleteFileW
GetProcAddress
CreateDirectoryW
FreeLibrary
SetLastError
CreateEventW
FindFirstFileW
MoveFileExW
FindClose
RemoveDirectoryW
FindNextFileW
GetVersionExW
GetModuleFileNameW
GetCommandLineW
InterlockedCompareExchange
InterlockedIncrement
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
CreateFileW
OpenFileMappingW
WideCharToMultiByte
MultiByteToWideChar
LocalFree
CreateMutexW
ReleaseMutex
OpenMutexW
WaitForSingleObject
SetFilePointer
WriteFile
ReadFile
FlushFileBuffers
GetFileSize
CreateThread
GetSystemTimeAsFileTime
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
RaiseException
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetFullPathNameW
GetCurrentDirectoryA
HeapSize
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSection
LoadLibraryA
QueryPerformanceFrequency

user32

GetKeyboardLayoutList

advapi32

RegQueryValueExW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
SetNamedSecurityInfoW
GetSecurityInfo
GetNamedSecurityInfoW
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW

shell32

SHFileOperationW
SHGetFolderPathW
SHGetSpecialFolderPathW

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.WYCao
Size: 48KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd7108d9efc9959d041856844d51abd4

Headers

File Characteristics

PDB Paths

Imports

imm32

kernel32

user32

advapi32

shell32

Sections

.text Size: 192KB - Virtual size: 191KB

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 128KB - Virtual size: 140KB

.WYCao Size: 48KB - Virtual size: 64KB

.text
Size: 192KB - Virtual size: 191KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 128KB - Virtual size: 140KB

.WYCao
Size: 48KB - Virtual size: 64KB